- A legitimate user purchases your digitally signed and encrypted application using a jailbroken iPhone.
- The legitimate user will ssh into their iPhone from their desktop.
- The legitimate user will navigate to your application's bundle and load it into a debugger like gdb.
- Your application is executed and decrypted by the iPhone because the user purchased it.
- The decrypted application that is in memory is then dumped to file by gdb.
- Your application bundle's Info.plist is modified so that the iPhone thinks it belongs to Apple!
- Your encrypted executable is replaced by the new decrypted copy.
- Your application bundle is re-packaged and distributed on BitTorrent
This should be enough to get any intrepid and enterprising App Store developer started on detecting a compromised application bundle.
Actual code coming up!